I found a solution for deactivating accounts with incomplete TOTP activations. Use the valid_from field in the database for the first valid logon date.
Execute the following queries against the database (mysql) within a cron job. In my case I used a max activation time of 7 days:

-- Disable every account that has no valid_from date set.
UPDATE guacamole_user
SET guacamole_user.disabled=1
WHERE valid_from IS NULL;

-- Disable accounts past the 7-day window that have no attribute rows at all.
UPDATE guacamole_user
LEFT JOIN guacamole_user_attribute
  ON guacamole_user.user_id=guacamole_user_attribute.user_id
SET guacamole_user.disabled=1
WHERE (valid_from < NOW() - INTERVAL 7 DAY)
  AND guacamole_user_attribute.attribute_name IS NULL;

-- Disable accounts past the 7-day window whose TOTP key is still unconfirmed.
UPDATE guacamole_user
LEFT JOIN guacamole_user_attribute
  ON guacamole_user.user_id=guacamole_user_attribute.user_id
SET guacamole_user.disabled=1
WHERE ((valid_from < NOW() - INTERVAL 7 DAY)
  AND (guacamole_user_attribute.attribute_name='guac-totp-key-confirmed'))
  AND (guacamole_user_attribute.attribute_value='false');

From: Alex Kaiser
Sent: Wednesday, 20 November 2019 12:42
To: [email protected]
Subject: Max activation time for TOTP authentication with LDAP+mysql

Is it possible to set a timeframe within which the user has to activate his TOTP authentication on the first logon attempt? For example, 48 hrs after the user was added to the mysql database. Otherwise the account would be disabled.

Kind Regards
Alex Kaiser
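
A dry-run-first variant of the cleanup described in the reply, added here as an example and not part of the original thread. It goes beyond the posted queries by testing specifically for a confirmed TOTP key, so accounts that carry other attributes but never finished enrollment are also caught. The attribute value 'true' for a confirmed key, the table aliases and the @max_days variable are assumptions; accounts with valid_from NULL are left to the first query in the reply.

```sql
-- Added example, not from the original thread.
-- Assumes the guacamole_user / guacamole_user_attribute tables used in the
-- reply, and that a confirmed key is stored as
-- 'guac-totp-key-confirmed' = 'true' (assumption; the reply only shows 'false').

SET @max_days := 7;  -- activation window, same 7 days as in the reply

-- 1) Dry run: list the accounts the UPDATE below would disable.
--    Review this output before enabling the cron job.
SELECT u.user_id, u.valid_from
FROM guacamole_user AS u
WHERE u.disabled = 0
  AND u.valid_from < NOW() - INTERVAL @max_days DAY
  AND NOT EXISTS (
        SELECT 1
        FROM guacamole_user_attribute AS a
        WHERE a.user_id = u.user_id
          AND a.attribute_name  = 'guac-totp-key-confirmed'
          AND a.attribute_value = 'true'
      );

-- 2) Apply: same predicate, wrapped in a transaction so the number of
--    affected rows can be checked before the change is committed.
START TRANSACTION;

UPDATE guacamole_user AS u
SET u.disabled = 1
WHERE u.disabled = 0
  AND u.valid_from < NOW() - INTERVAL @max_days DAY
  AND NOT EXISTS (
        SELECT 1
        FROM guacamole_user_attribute AS a
        WHERE a.user_id = u.user_id
          AND a.attribute_name  = 'guac-totp-key-confirmed'
          AND a.attribute_value = 'true'
      );

SELECT ROW_COUNT() AS accounts_disabled;  -- should match the dry-run row count

COMMIT;  -- or ROLLBACK if the count is unexpected
```

The NOT EXISTS form covers three cases with one predicate: no attribute rows, other attributes but no TOTP row, and a TOTP row still marked unconfirmed.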
